EventID 5438 Source SMS Server filling up app event logs
I receive this.. every few minutes..
MS_MP_CONTROL_MANAGER on computer PSTDC reported: MP Control Manager detected MP is not responding to HTTP requests. The http error is 2147500037.
Possible cause: MP service is not started or not responding.
Solution: Manually restart the SMS Agent Host service on the MP.
Possible cause: IIS service is not responding.
Solution: Manually restart the W3SVC service on the MP.
I've seen a few notes regarding this, suggesting to check client certificate.. i'm not sure what is meant by this.. which client?
I am running this on a domain controller, which is also a CA, though our ENT CA is on a different server...
Any ideas?
Thanks
Answers
- Are you trying to auto-enroll the site server signing certificate? That one actually needs to be done manually I'm told, just checked with the experts here.
All Replies
I should add that we are also getting this kerberos client error on the same box.. and that we are using native mode.
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/pstdc.pst.local. The target name used was HTTP/pstdc.domain.local. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (domain.LOCAL), and the client realm. Please contact your system administrator.
Are you imaging the machines? This could be a sysprep issue with duplicate SID or it could be unrelated, it sure looks suspicious though.
You probably want to look at your IIS logs and any IIS related events as well.
Stan White - MSFT wrote: Are you imaging the machines? This could be a sysprep issue with duplicate SID or it could be unrelated, it sure looks suspicious though.
You probably want to look at your IIS logs and any IIS related events as well.
I've never cloned this server.. but the error occurs along with the fact that I have dpm 2007 installed on another server and i've been trying to replicate data to that server, but the dpm agent keeps timing out with a communication error..
Not sure if the two are related.
Probably unrelated.. but directly related to CM 2007... i have this autoenrollment error every so often.. i think its complaining because the SAN is something like "the site code for this bla bla is... "
Automatic certificate enrollment for local system failed to enroll for one Domain Controller Authentication certificate (0x80094001). The request subject name is invalid or too long.
Eventid 13- Are you trying to auto-enroll the site server signing certificate? That one actually needs to be done manually I'm told, just checked with the experts here.
What would be involved in manually doing so.. or making that change?
I think the certificate was auto enrolled and worked initially...
The server certificates are usually just manually requested/enrolled for the few server computers you need to touch, but auto-enrolled on the clients using GP. Not to say that it could not be made to work it's just a lot of moving parts for a couple of machines and hopefully a rare operation.
Here is a link to a place to get started:
http://technet.microsoft.com/en-us/library/bb632732.aspx
That won't give you a lot of detail or answer all your questions but there are more links at the bottom. Feel free to post more Q's as you bump into anything strange or get stuck while doing this.There was another forum post that called out the need to bind IIS to a specific IP instead of 'ALL' , you may want to check that as well.
